Sherman's Security Blog
I am Sherman Hand. (also known as Policysup) I have created this blog and will use a part of my day to write about what is going on in the world. I hope to discuss things in a down to earth and practical way. I hope to hear back from you on your thoughts. I do not in any way intend to speak for my employer. The content of this blog will be either opinions that are strictly mine, general observations,re posts, or information that is already in the public domain.

Netflix malware and phishing attack campaigns are contributing to the rise of a black market built around the sale of stolen credentials.

Lionel Payet, a threat intelligence officer at Symantec Security Response, explains in a blog post how he came across two unique attack campaigns that are targeting users of the popular web streaming platform.

The trojan, which has been disproportionately used in attacks centered in Brazil, is not dropped by drive-by downloads. Users must install it onto their computers. They can be tricked into doing so by attackers who link the malicious executables to ads offering Netflix access at a discount rate.

The second attack campaign involves the use of phishing emails.

“Netflix subscriptions allow between one and four users on the same account,” Payet observes. “This means that an attacker could piggyback on a user’s subscription without their knowledge.”

The researcher identifies one phishing campaign in particular that warned Danish users of an incorrect processing of their monthly payment and urged them to log in to their accounts. A link provided in the email redirected victims to a fake login page.

Source: Security Response

In both the malware and phishing campaigns, attackers steal Netflix users’ account credentials, which in turn end up on black market sites. Most of these sell access to the compromised accounts, which in a way assumes the function of an underground streaming service. Others, however, involve tools that use stolen subscriptions or payment card details to create new Netflix accounts, which can be sold on other black market websites.

Acknowledging these threats, Payet urges users to not click on any ads offering cheap Netflix access. Users should also exercise caution around suspicious email links, and they should always review their monthly credit card bills for suspicious transactions.